package com.springboot.security.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * 如果业务比较复杂，可以配置多个 HttpSecurity，实现对 WebSecurityConfigurerAdapter 的多次扩展
 * 配置多个 HttpSecurity，MultiHttpSecurityConfig 不需要继承 WebSecurityConfigurerAdapter,只需要
 * 在 MultiHttpSecurityConfig 中创建静态内部类继承 WebSecurityConfigurerAdapter 即可，静态内部类上添加 @Configuration 和 @Order,
 * order注解表示改配置的优先级，数字越小优先级越大，未加 @Order 注解的配置优先级最小
 * @author wangning
 * @create 2021-05-18 15:10
 */
//@Configuration//暂时不使用
public class MultiHttpSecurityConfig {
	@Bean
	public PasswordEncoder passwordEncoder() {
		return NoOpPasswordEncoder.getInstance();
	}

	@Autowired
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		auth.inMemoryAuthentication()
				.withUser("root").password("123").roles("ADMIN", "DBA")
				.and()
				.withUser("admin").password("123").roles("ADMIN", "USER")
				.and()
				.withUser("wang").password("123").roles("USER");
	}

//	@Configuration
//	@Order(1)
//	public static class AdminSecurityConfig extends WebSecurityConfigurerAdapter {
//		@Override
//		protected void configure(HttpSecurity http) throws Exception {
//			http.antMatcher("/admin/**").authorizeRequests()
//					.anyRequest().hasRole("ADMIN");
//		}
//	}
//
//	@Configuration
//	public static class OtherSecurityConfig extends WebSecurityConfigurerAdapter {
//		@Override
//		protected void configure(HttpSecurity http) throws Exception {
//			http.authorizeRequests()
//					.anyRequest().authenticated()
//					.and()
//					.formLogin()
//					.loginProcessingUrl("/login")
//					.permitAll()
//					.and()
//					.csrf()
//					.disable();
//		}
//	}
}
